North Korean hackers stole $308 million worth of Bitcoin from DMM Bitcoin.
Authorities in Japan and the United States have identified North Korean cyber actors as the culprits behind the theft of $308 million worth of cryptocurrency from DMM Bitcoin in May 2024. The heist was officially attributed to TraderTraitor, a North Korea-linked threat cluster also tracked under the aliases Jade Sleet, UNC4899, and Slow Pisces.
TraderTraitor: Persistent threats to the Web3 sector
The group’s activity often involves highly coordinated social engineering that targets multiple employees of the same organization at the same time, according to a joint statement from the U.S. Federal Bureau of Investigation (FBI), the Department of Defense’s Cyber Crime Center, and the Japanese National Police Agency. The disclosure follows DMM Bitcoin’s decision to suspend operations earlier this month as a direct result of the breach.
TraderTraitor is a persistent threat group that has been active since at least 2020. It typically targets companies operating in the Web3 sector and tricks victims into downloading cryptocurrency applications laced with malware, an approach that lets the group carry out theft at significant scale.
In recent years, the group has launched a variety of attacks utilizing business-related social engineering tactics. These campaigns involve reaching out to potential targets under the guise of recruiting or collaborating on GitHub projects, often resulting in the distribution of malicious npm packages. One of the group’s most notorious exploits was unauthorized access to JumpCloud systems targeting a select group of downstream customers last year.
Recent Attack Strategies and DMM Bitcoin Heist
The attack on DMM Bitcoin followed a similar pattern. In March 2024, TraderTraitor actors posed as recruiters to approach employees of Ginco, a Japan-based cryptocurrency wallet software company. The actor shared a malicious Python script hosted on GitHub, disguised as part of a pre-employment test. An employee with access to Ginco’s wallet management system copied the script to his personal GitHub account, which compromised the company’s security.
In mid-May 2024, the attackers expanded their efforts by exploiting session cookie information to impersonate compromised Ginco employees. This gave them access to Ginco’s unencrypted communications systems. By the end of May 2024, threat actors had stolen 4,502.9 BTC, worth $308 million at the time, by manipulating legitimate transaction requests from DMM Bitcoin employees. The stolen funds were traced to a wallet managed by TraderTraitor.
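The cookie-based impersonation described above is the kind of activity a web application can flag on its own: a session cookie that is suddenly presented from a different client than the one that established it. The following detector is an added illustration written for this article, not code from Ginco, DMM Bitcoin or the investigating agencies; the log format, field names and sample records are constructed assumptions.

```python
"""Flag session cookies later presented from a client fingerprint (IP address,
user agent) that differs from the one seen at the session's first use.
Added illustration for this article; log format and field names are assumed."""
from collections import defaultdict
from datetime import datetime

# Constructed sample web-application access log (not from the article):
# timestamp, session id, client IP, user agent, authenticated user.
SAMPLE_LOG = """\
2024-05-14T09:02:11Z sid=a1f3 ip=203.0.113.10 ua=Chrome/124 user=alice
2024-05-14T09:15:40Z sid=a1f3 ip=203.0.113.10 ua=Chrome/124 user=alice
2024-05-14T09:16:05Z sid=a1f3 ip=198.51.100.77 ua=curl/8.4 user=alice
2024-05-14T10:00:00Z sid=b7c9 ip=192.0.2.5 ua=Firefox/125 user=bob
2024-05-14T11:30:00Z sid=b7c9 ip=192.0.2.5 ua=Firefox/125 user=bob
"""


def parse_line(line):
    """Parse one 'timestamp key=value ...' record into a dict."""
    ts, *fields = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = value
    return rec


def find_hijacked_sessions(log_text):
    """Return {sid: [reason, ...]} for every session id that was later
    presented with a different IP address or user agent than at first use."""
    baseline = {}                  # sid -> first record seen for that session
    alerts = defaultdict(list)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        sid = rec["sid"]
        first = baseline.setdefault(sid, rec)
        if first is rec:
            continue               # first sighting establishes the baseline
        when = rec["ts"].isoformat()
        if rec["ip"] != first["ip"]:
            alerts[sid].append(f"{when} ip {first['ip']} -> {rec['ip']}")
        if rec["ua"] != first["ua"]:
            alerts[sid].append(f"{when} ua {first['ua']} -> {rec['ua']}")
    return dict(alerts)


if __name__ == "__main__":
    for sid, reasons in find_hijacked_sessions(SAMPLE_LOG).items():
        print(sid, "->", "; ".join(reasons))
```

Run against the sample log, only session `a1f3` is reported: it was minted from `203.0.113.10` with a browser user agent and minutes later reused from `198.51.100.77` by a command-line client. In production the same comparison belongs in the session middleware itself, so that a mismatch invalidates the cookie and forces re-authentication rather than only producing an alert; comparing on IP alone will produce false positives for users on mobile networks, which is why the user agent (and, where available, a TLS or device fingerprint) is checked as well.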
This disclosure is consistent with findings from blockchain intelligence firm Chainalysis, which linked the DMM Bitcoin hack to North Korean cybercriminals. According to Chainalysis, the attackers exploited infrastructure vulnerabilities to execute unauthorized withdrawals.
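The theft hinged on legitimate withdrawal requests being altered after an authorized employee had initiated them. One control that makes such manipulation detectable is to have the initiating operator sign the complete request, and to have the signing service verify that signature together with a destination allowlist and a per-transaction limit before any key material is used. The code below is an added illustration for this article and is not DMM Bitcoin’s, Ginco’s or any real exchange’s implementation; the operator keys, addresses and limits are constructed placeholders.

```python
"""Integrity and policy checks on a withdrawal request before it is released
to a signing service. Added illustration; keys, addresses and limits are
constructed placeholders, not values from any real exchange."""
import hashlib
import hmac
import json

# Constructed per-operator signing keys; in practice these live in an HSM or
# hardware token rather than in application memory.
OPERATOR_KEYS = {
    "alice": b"alice-demo-key-not-real",
    "bob": b"bob-demo-key-not-real",
}
# Placeholder destination allowlist (e.g. the exchange's own cold wallet).
DESTINATION_ALLOWLIST = {"bc1q-placeholder-cold-wallet"}
PER_TX_LIMIT_BTC = 100.0


def canonical(request):
    """Deterministic byte encoding so both sides hash identical input."""
    return json.dumps(request, sort_keys=True, separators=(",", ":")).encode()


def sign_request(request, operator):
    """Operator-side: HMAC over every field of the request."""
    return hmac.new(OPERATOR_KEYS[operator], canonical(request), hashlib.sha256).hexdigest()


def verify_withdrawal(request, operator, signature):
    """Signing-service side. Returns (ok, reason). Because the MAC covers the
    whole request, changing the destination or amount after the operator
    signed it produces a mismatch; a freshly signed request to a new address
    is still stopped by the allowlist."""
    key = OPERATOR_KEYS.get(operator)
    if key is None:
        return False, "unknown operator"
    expected = hmac.new(key, canonical(request), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        return False, "signature mismatch"
    if request.get("operator") != operator:
        return False, "operator mismatch"
    if request.get("destination") not in DESTINATION_ALLOWLIST:
        return False, "destination not allowlisted"
    if request.get("amount_btc", 0) > PER_TX_LIMIT_BTC:
        return False, "amount exceeds limit"
    return True, "ok"


if __name__ == "__main__":
    # Constructed request: alice moves funds to the allowlisted cold wallet.
    req = {"operator": "alice", "destination": "bc1q-placeholder-cold-wallet",
           "amount_btc": 12.5, "nonce": 1}
    sig = sign_request(req, "alice")
    print("legitimate:", verify_withdrawal(req, "alice", sig))
    # Same signature, destination swapped in transit.
    tampered = dict(req, destination="bc1q-placeholder-other-address")
    print("tampered:", verify_withdrawal(tampered, "alice", sig))
```

The two failure paths are deliberately distinct: a request edited after signing fails the integrity check, while a request that an impersonated operator signs towards an unapproved address fails policy. Adding the allowlist change itself to a separate, multi-party approval flow closes the remaining gap, since an attacker who controls one employee session would then also need to get a new destination approved.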
🚨🇰🇵 North Korean hackers take a big hit in 2024
According to Chainalysis, they are expected to double their earnings in 2023, stealing $1.3 billion in cryptocurrency this year.
They used tactics including posing as remote IT employees to infiltrate companies to fund North Korea’s weapons programs and evade sanctions.
major… pic.twitter.com/RppswOHaRC
— Mario Nawfal (@MarioNawfal) December 23, 2024
Chainalysis reported that the hackers transferred millions of dollars in cryptocurrency to intermediary addresses before passing it through a Bitcoin CoinJoin mixing service. After obfuscating the funds, the attackers routed some of them through various bridging services. The stolen assets eventually reached HuiOne Guarantee, an online marketplace affiliated with Cambodia’s HuiOne Group, which has previously been implicated in cybercrime activity.
Meanwhile, the AhnLab Security Intelligence Center (ASEC) recently exposed another North Korean threat group. A subcluster of the Lazarus Group known as Andariel has been deploying the SmallTiger backdoor to target asset management and document centralization solutions in South Korea.
This series of revelations highlights North Korea’s growing role in cybercrime, particularly in the cryptocurrency sector, as it continues to exploit sophisticated technology and infrastructure vulnerabilities to fund its operations.
Simplifying Meme Coin Investing with Meme Index
Meme Index is a decentralized platform designed to simplify investing in the meme coin market by providing exposure through four unique indices: Titan, Moonshot, MidCap, and Frenzy. Each index is tailored to accommodate different levels of risk, from stable, well-established meme coins like DOGE and SHIB in the Titan Index to high-risk, high-yield exotic tokens in the Frenzy Index. Investors can use the $MEMEX token to access these indices and participate in their governance, ensuring the platform evolves in line with market trends and community input.
What sets Meme Index apart is its focus on diversity and community-driven decision-making. Instead of investing in individual meme coins, users are exposed to a carefully selected basket of tokens, taking advantage of market trends while reducing risk. $MEMEX holders can also stake their tokens for high APY rewards during pre-sale and after token launch. This staking mechanism not only improves profits but also supports the growth of the platform. Governance rights allow $MEMEX holders to vote on proposals such as adding or removing meme coins from the index, making the platform dynamic and community-driven.